Your download link is at the very bottom of the page... always.

Processed through Paypal
No account required.

Donate Bitcoin to this wallet:
Donate Ethereum to this wallet:
Donate Litecoin to this wallet:

Buying our over-priced stuff helps us keep things running. Peruse here.

Join our Facebook groupFollow us on TwitterFollow us on InstagramOur RSS Feed

 Home » Freeware Downloads » Anti-Virus, Anti-Malware, Security Utilities » Ransomware File Decryption Tools   
  File Name Rating Downloads
Last Update/Developer
21 Avast Ransomware Decryption Tools
21 Avast Ransomware Decryption Tools Avast has created 21 different tools to decrypt your files encrypted by the following ransomware variants. This is a zip file containing all 21 of them. AES_NI Alcatraz Locker Apocalypse BadBlock Bart BigBobRoss BTCWare Crypt888 CryptoMix (Offline) CrySiS EncrypTile FindZip GandCrab Globe HiddenTear Jigsaw LambdaLocker Legion NoobCrypt Stampado SZFLocker TeslaCrypt XData Click here to visit the author's website.
5/5 1,264 Nov 13, 2019
Avast Software s.r.o.
Bitdefender Ransomware Recognition Tool v1.0.0.2
Bitdefender Ransomware Recognition Tool v1.0.0.2 A tool to help ransomware victims find which family and sub-version of ransomware has encrypted their data and then get the appropriate decryption tool, if it exists. Ransomware has grabbed the headlines ever since 2014. While most ransomware attacks can’t be defeated, Bitdefender constantly creates and updates ransomware decryption tools for families that have either vulnerable encryption algorithms or for which a master decryption key has been leaked. This tool analyzes both the ransom note and the encrypted file samples to identify the strain of ransomware and suggest a decryption tool for the identified family, if such a tool is available. Step 1 Download the BRR tool and save it somewhere on your computer. The latest version is always available here. This tool requires an active internet connection. Step 2 Run the BDRansomRecognitionTool.exe and allow it to execute if prompted by an UAC alert. Step 3 Read and agree to the End User License Agreement Step 4 The application has two fields to fill in: Choose the path to the ransom note file or the path to a folder containing encrypted files. You can choose either option, but the tool needs at least one of the pieces of information to detect which strain of ransomware has encrypted your information. If none of the fields are filled in, you cannot proceed any further Step 5 Press Scan. The application gives a warning if the ransom-note path is not filled in, as the detection accuracy is slightly lower in this case. The content of the ransom note is submitted for analysis to Bitdefender cloud. If the user provides any encrypted file, NO file content will be submitted to our cloud, as the tool only analyzes the filename and its extension. If the ransomware family cannot be identified, the user is informed about this. In some cases, multiple families of ransomware display similar features. ...
5/5 2,385 Nov 13, 2019
BitDefender Labs
Emsisoft Decryptor for Paradise v1.0.0.1
Emsisoft Decryptor for Paradise v1.0.0.1 The Paradise ransomware encrypts victims using Salsa20 and RSA-1024, and appends one of several extensions such as ".paradise", "2ksys19", ".p3rf0rm4", ".FC", ".CORP", and ".STUB" An example ransom note "---==%$$$OPEN_ME_UP$$$==---.txt" can be found below. WHAT HAPPENED! Your important files produced on this computer have been encrypted due a security problem. If you want to restore then write to the online chat. Contact! Online chat: Your operator: Support Your personal ID: [redacted] Enter your ID and e-mail in the chat that you would immediately answered. Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Do not attempt to use the antivirus or uninstall the program. This will lead to your data loss and unrecoverable. Decoders of other users is not suitable to decrypt your files - encryption key is unique. How to use the Emsisoft Decryptorfor Paradise MPORTANT! Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files. If your current antivirus solution fails to detect the malware, it can be quarantined using the free trial version of Emsisoft Anti-Malware. If your system was compromised through the Windows Remote Desktop feature, we also recommend changing all passwords of all users that are allowed to login remotely and check the local user accounts for additional accounts the attacker might have added. How to decrypt your files 1. Download the decryptor from the same site that provided this “How To” document. 2. Run the decryptor as an administrator. The license terms will show up next, which you have to agree to by clicking the “Yes” button: 3. After accepting the terms, select your file pair using the “Browse” buttons. Then, click the “Start” button. 4. The decryptor will display the reconstructed encryption details once the recovery process has finished. The display is purely informational ...
5/5 850 Jan 21, 2020
ESET TeslaCrypt Decryptor v1.1.0.1
ESET TeslaCrypt Decryptor v1.1.0.1 ESET® released a decryptor for recent variants of the TeslaCrypt ransomware. If you have been infected by one of the new variants (v3 or v4) of the notorious ransomware TeslaCrypt and the encrypted files have the extensions .xxx, .ttt, .micro, .mp3 or remained unchanged, then ESET has good news for you. Recently, TeslaCrypt’s operators have announced they are wrapping up their malicious activities. On this occasion, one of ESET’s analysts anonymously contacted the group, using the official support channel offered to the ransomware victims by the TeslaCrypt’s operators and requested the universal master decryption key. Surprisingly, they made it public. This has allowed ESET to promptly create a free decrypting tool capable of unlocking files affected by all variants of this ransomware. How do I clean a TeslaCrypt infection using the ESET TeslaCrypt decrypter? Issue Your personal files became encrypted and the following information may be displayed in your computer, or in a .txt, .html or .png file Your ESET product detects the infection Win32/Filecoder.TeslaCrypt How to decrypt your files using the ESETTeslaCryptDecryptor.exe tool Solution Download the ESETTeslaCryptDecryptor.exe tool and save the file to your Desktop. Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu. Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu. Type the command cd %userprofile%\Desktop (do not replace "userprofile" with your username–type the command ...
5/5 2,764 Nov 13, 2019
Kaspersky RakhniDecryptor
Kaspersky RakhniDecryptor RakhniDecryptor utility for removing Trojan-Ransom.Win32.Rakhni malicious software (.oshit and others) The malicious programs Trojan-Ransom.Win32.Rakhni, Trojan-Ransom.Win32.Agent.iih, Trojan-Ransom.Win32.Aura, Trojan-Ransom.Win32.Autoit, and Trojan-Ransom.AndroidOS.Pletor are used by malefactors to encrypt files so that their extensions are changed as follows: <filename>.<original_extension>.<locked> <filename>.<original_extension>.<kraken> <filename>.<original_extension>.<darkness> <filename>.<original_extension>.<nochance> <filename>.<original_extension>.<oshit> <filename>.<original_extension>.<oplata@qq_com> <filename>.<original_extension>.<relock@qq_com> <filename>.<original_extension>.<crypto> <filename>.<original_extension>.<> <filename>.<original_extension>.<pizda@qq_com> <filename>.<original_extension>.<dyatel@qq_com> <filename>.<original_extension>_crypt <filename>.<original_extension>.<nalog@qq_com> <filename>.<original_extension>.<chifrator@qq_com> <filename>.<original_extension>.<gruzin@qq_com> <filename>.<original_extension>.<troyancoder@qq_com> <filename>.<original_extension>.<encrypted> <filename>.<original_extension>.<cry> <filename>.<original_extension>.<AES256> <filename>.<original_extension>.<enc> <filename>.<original_extension>.<coderksu@gmail_com_id371> <filename>.<original_extension>.<coderksu@gmail_com_id372> <filename>.<original_extension>.<coderksu@gmail_com_id374> <filename>.<original_extension>.<coderksu@gmail_com_id375> <filename>.<original_extension>.<coderksu@gmail_com_id376> <filename>.<original_extension>.<coderksu@gmail_com_id392> <filename>.<original_extension>.<coderksu@gmail_com_id357> <filename>.<original_extension>.<coderksu@gmail_com_id356> <filename>.<original_extension>.<coderksu@gmail_com_id358> <filename>.<original_extension>.<coderksu@gmail_com_id359> <filename>.<original_extension>.<coderksu@gmail_com_id360> <filename>.<original_extension>.<coderksu@gmail_com_id20> <filename>> <filename>.<original_extension>.<hb15> For example: Before: file.doc / After: file.doc.locked Before: 1.doc / After: 1.dochb15 To regain control over the files encrypted by Trojan-Ransom.Win32.Rakhni, Trojan-Ransom.Win32.Aura, Trojan-Ransom.Win32.Agent.iih, Trojan-Ransom.Win32.Autoit, and Trojan-Ransom.AndroidOS.Pletor, use the RakhniDecryptor utility developed by Kaspersky Lab specialists. 1. How to work with the utility IMPORTANT: Trojan-Ransom.Win32.Rakhni creates the exit.hhr.oshit file that contains an encrypted password to user's files. If this file remains on the computer, it will make decryption with the RakhniDecryptor utility faster. If the file has been removed, it can be recovered with file recovery utilities. After the file is recovered, put it into %APPDATA% and run the scan with the utility once again. The exit.hhr.oshit file has the following path: Windows XP: C:\Documents and Settings\<username>\Application Data Windows 7/8: C:\Users\<username>\AppData\Roaming To decrypt ...
5/5 6,036 Nov 13, 2019
Kaspersky Lab
Kaspersky RannohDecryptor
Kaspersky RannohDecryptor If the system is infected by a malicious program of the family Trojan-Ransom.Win32.Rannoh , Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, or Trojan-Ransom.Win32.Cryakl, all files on the computer will be encrypted in the following way: In case of a Trojan-Ransom.Win32.Rannoh infection, file names and extensions will be changed according to the template locked-<original name>.<four random letters>. In case of a Trojan-Ransom.Win32.Cryakl infection, the tag {CRYPTENDBLACKDC} is added to the end of file names. In case of a Trojan-Ransom.Win32.AutoIt infection, extensions will be changed according to the template <original name>@<mail server>_.<random set of characters>. Example: ioblomov@india.com_RZWDTDIC. To decrypt files affected by Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, Trojan-Ransom.Win32.Crybola or Trojan-Ransom.Win32.Cryakl, use the RannohDecryptor utility.
5/5 3,528 Nov 13, 2019
Kaspersky Lab
Kaspersky RectorDecryptor
Kaspersky RectorDecryptor Cybercriminals use Trojan-Ransom.Win32.Rector for disrupting normal performance of computers and for unauthorized modification of data making it unusable. Once the data has been “taken hostage” (blocked), its owner (user) receives a ransom demand. The victim is supposed to deliver the ransom in exchange for pirate's promise to send a utility that would restore the data or repair the PC. Kaspersky Lab specialists have developed a special utility for decrypting the data encrypted by Trojan-Ransom.Win32.Rector. The utility has a GUI. Do the following to decrypt files encrypted by Trojan-Ransom.Win32.Rector: Download the utility to an infected computer; Extract its content using an archiver (WinZip, e.g.); Run the file RectorDecryptor.exe; The utility starts working by clicking the button Start scan. It finds and decrypts encrypted files. Select the option Delete crypted files after decryption to delete copies of encrypted files with extensions .vscrypt, .infected, .bloc, .korrektor, etc. after successful decryption.
5/5 6,017 Nov 13, 2019
Kaspersky Lab
Kaspersky ScatterDecryptor
Kaspersky ScatterDecryptor If your computer is infected with Trojan-Ransom.BAT.Scatter, use the ScatterDecryptor utility for restoring encrypted files. Trojan-Ransom.BAT.Scatter encrypts user files with a public key and changes their extensions. The files can only be decrypted with a unique secret key. ScatterDecryptor restores the files only if the utility contains a certain Trojan-Ransom.BAT.Scatter modification's secret key.
5/5 4,626 Nov 13, 2019
Kaspersky Labs International Ltd.
Kaspersky ScraperDecryptor
Kaspersky ScraperDecryptor The malicious program Trojan-Ransom.Win32.Scraper encrypts user files to block access to them. After the data has been blocked, the user is required to pay a ransom. To decrypt files affected by Trojan-Ransom.Win32.Scraper, use the ScraperDecryptor utility developed by Kaspersky Lab engineers.
5/5 3,698 Nov 13, 2019
Kaspersky Lab
Kaspersky XoristDecryptor
Kaspersky XoristDecryptor Malware of the family Trojan-Ransom.Win32.Xorist is designed for unauthorized modification of data on a victim computer. It makes computers uncontrollable or blocks its normal performance. After taking the data as a “hostage” (blocking it), a ransom is demanded from the user. The victim is supposed to deliver the ransom to the pirate, who is promising to send in return a program which would release the data or restore normal performance of the computer. There is a utility to confront malware of the family Trojan-Ransom.Win32.Xorist - XoristDecryptor.exe. The utility XoristDecryptor.exe is provided with a GUI. Disinfection of an infected system: Download the to an infected computer. Extract the utility using an archiver program, WinZip for example. Run the XoristDecryptor.exe file. Click the Start scan button to execute the utility . The utility will prompt you to enter path of at least one encrypted file to begin the decryption process. The trojan program encrypts all files with the following extensions: doc, xls, docx, xlsx, db, mp3, waw, jpg, jpeg, txt, rtf, pdf, rar, zip, psd, msi, tif, wma, lnk, gif, bmp, ppt, pptx, docm, xlsm, pps, ppsx, ppd, tiff, eps, png, ace, djvu, xml, cdr, max, wmv, avi, wav, mp4, pdd, html, css, php, aac, ac3, amf, amr, mid, midi, mmf, mod, mp1, mpa, mpga, mpu, nrt, oga, ogg, pbf, ra, ram, raw, saf, val, wave, wow, wpk, 3g2, 3gp, 3gp2, 3mm, amx, avs, bik, bin, dir, divx, dvx, evo, flv, qtq, tch, rts, rum, rv, scn, srt, stx, svi, swf, trp, vdo, wm, wmd, wmmp, wmx, wvx, xvid, 3d, 3d4, 3df8, pbs, adi, ais, amu, arr, bmc, bmf, cag, cam, dng, ink, jif, jiff, jpc, jpf, jpw, mag, mic, mip, msp, nav, ncd, odc, odi, opf, qif, qtiq, srf, xwd, abw, act, adt, aim, ans, asc, ase, bdp, bdr, bib, boc, crd, diz, dot, dotm, dotx, dvi, ...
5/5 5,949 Nov 13, 2019
Kaspersky Lab
TeslaDecoder 1.0.1
TeslaDecoder 1.0.1 TeslaDecoder has the ability to decrypt all variants of the TeslaCrypt ransomware. This includes the following extensions: .micro, .xxx, .ttt, .mp3, and also encrypted files that have not had their file extensions changed. For older versions of the TeslaCrypt ransomware, when run TeslaDecoder, it will search for particular Windows registry keys, the storage.bin file, or key.dat file, and if it finds these keys, it will attempt to extract the decryption key. If a decryption key is extracted it can then decrypt all of the files in a designated folder or all files on a system. Some victim's of this ransomeware have had the decryption key stripped from the data files. In this case, TeslaDecoder will not be able to help you decrypt your files. For the newest versions of the TeslaCrypt ransomeware (The most common), read the instructions contained in the download package to decrypt your files. Changelog for TeslaDecoder, TeslaViewer and TeslaRefactor --------------------------------------------------------- **************** * TeslaDecoder * **************** ========== = 1.0.1 = ========== - Removed check of a value at offset 0x08 for TeslaCrypt 3/4 encrypted files ========== = 1.0.0 = ========== - Added 4th PrivateKyTesla into TeslaDecoder. All files encrypted by TeslaCrypt 3.0.0 - 4.2 can be decrypted. The key is predefined when extension of TeslaCrypt 3/4 is choosen in Set key dialog. ========== = 0.0.91 = ========== - Decrypt list - If listed file doesn't have TeslaCrypt extension, the file extension is not changed. ========== = 0.0.90 = ========== - Added support for listing encrypted files and decryption of listed files in the list file. - GUI changes - Log changes - Internal changes - README.txt rewritten ========== = 0.0.85 = ========== - Added support for TeslaCrypt 4.0 with the same extension as the original file. ========== = 0.0.84 = ========== - Fixed and issue when PublicKeyBC in exx files is shorter than 64 characters ========== = 0.0.83 = ========== - Fixed a bug when all files were skipped if decryption of xxx, ttt, micro, mp3 files was selected and ...
5/5 2,938 Nov 13, 2019
Showing rows 1 to 11 of 11 Showing Page 1 of 1  1 

Copyright (c) 2020

Tweets by @GeekOnTheLoose